|
This error can occur in server.log when CMDB entries are inconsistent or corrupted, possibly due to schema mismatches or failed deletions.
Server.log error:
[glassfish 5.1] [ERROR] [] [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] [tid: _ThreadID=482 _ThreadName=pool-14-thread-10] [timeMillis: 1744616645840] [levelValue: 1000] [[
ERROR: column "incidnetid" does not exist
Hint: Perhaps you meant to reference the column "incident0_.incident_id".
Position: 3279]]
The resolution requires manually clearing multiple related tables in the PostgreSQL backend database phoenixdb which are:
- ph_incident2device
- ph_device
- Identify the device entry on the FortiSIEM backend. SSH to the supervisor via root and run the following commands below
psql -U phoenix -d phoenixdb
select * from ph_incident2device;
select device_id FROM ph_incident2device where host_ip='WebServer_xxxx';
- Clean ph_incident2device Section Table. Check if the device is referenced as below after identifying device_id in Step 1 and delete it:
select from ph_incident2device where device_id=xxxxxxx;
delete from ph_incident2device where device_id=xxxxxxx;
- Clean ph_device Table. Check for interface mappings and delete them.
Find the IP or the device first:
SELECT id, name, access_ip, win_machine_guid FROM ph_device WHERE access_ip = 'x.x.x.x'
After identifying Id:
SELECT id, name, access_ip, win_machine_guid FROM ph_device WHERE id = xxxxxxx;
Delete the reference:
DELETE FROM ph_device WHERE id = xxxxxxx;
Post Validation:
- Verify once again in /opt/glassfish/domains/domain1/logs/server.log for any errors of 'ERROR: column 'incidnetid' does not exist'.
- Confirm the device is no longer visible in CMDB.
|
